Joined copyright on original XySSL code with: Christophe Devine
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
Definition in file ssl.h.
#include <time.h>
#include "polarssl/net.h"
#include "polarssl/dhm.h"
#include "polarssl/rsa.h"
#include "polarssl/md5.h"
#include "polarssl/sha1.h"
#include "polarssl/x509.h"
typedef struct _ssl_context ssl_context;
typedef struct _ssl_session ssl_session;
(Callers only ever see the typedef names. Note that file-scope tags beginning with an underscore, such as `_ssl_context`, fall in the identifier space the C standard reserves for the implementation; a rename would be cleaner but is purely cosmetic for API users.)
/*
 * Positions of the handshake state machine kept in an ssl_context.
 *
 * Each enumerator is named after the TLS handshake message (or the
 * bookkeeping step) it corresponds to, and they are listed in the order
 * the messages are exchanged, starting at 0.  SSL_FLUSH_BUFFERS and
 * SSL_HANDSHAKE_OVER are not wire messages; they mark the tail of the
 * handshake.
 *
 * NOTE(review): how ssl_handshake() advances through these states is not
 * visible on this page -- confirm against ssl_handshake_client()/server().
 */
enum ssl_states
{
    SSL_HELLO_REQUEST,              /*  0 */
    SSL_CLIENT_HELLO,               /*  1 */
    SSL_SERVER_HELLO,               /*  2 */
    SSL_SERVER_CERTIFICATE,         /*  3 */
    SSL_SERVER_KEY_EXCHANGE,        /*  4 */
    SSL_CERTIFICATE_REQUEST,        /*  5 */
    SSL_SERVER_HELLO_DONE,          /*  6 */
    SSL_CLIENT_CERTIFICATE,         /*  7 */
    SSL_CLIENT_KEY_EXCHANGE,        /*  8 */
    SSL_CERTIFICATE_VERIFY,         /*  9 */
    SSL_CLIENT_CHANGE_CIPHER_SPEC,  /* 10 */
    SSL_CLIENT_FINISHED,            /* 11 */
    SSL_SERVER_CHANGE_CIPHER_SPEC,  /* 12 */
    SSL_SERVER_FINISHED,            /* 13 */
    SSL_FLUSH_BUFFERS,              /* 14: drain pending output */
    SSL_HANDSHAKE_OVER              /* 15: application data may flow */
};
void ssl_calc_verify( ssl_context *ssl, unsigned char hash[36] );
Internal helper with no description on this page. The fixed 36-byte output equals a 16-byte MD5 digest followed by a 20-byte SHA-1 digest, which is the pair TLS 1.0 / SSL 3.0 sign in CertificateVerify and matches md5.h and sha1.h being included above — but confirm the layout in the implementation before relying on it.
int ssl_close_notify( ssl_context *ssl );
Notify the peer that the connection is being closed.
ssl — SSL context
Call this before closing the underlying transport, so that the peer can tell an orderly shutdown from a connection that was cut short (a truncation attack); check the return value as with any other I/O call.
int ssl_derive_keys | ( | ssl_context * | ssl | ) |
int ssl_fetch_input | ( | ssl_context * | ssl, | |
int | nb_want | |||
) |
int ssl_flush_output | ( | ssl_context * | ssl | ) |
void ssl_free( ssl_context *ssl );
Free an SSL context.
ssl — SSL context
Whether this zeroizes session keys before releasing them, and whether it frees the certificate, RSA key, CA chain or session objects that were handed in through ssl_set_own_cert(), ssl_set_ca_chain() and ssl_set_session(), is not shown on this page; assume the caller still owns those objects until confirmed otherwise.
int ssl_get_bytes_avail | ( | ssl_context * | ssl | ) |
Return the number of data bytes available to read.
ssl | SSL context |
char *ssl_get_cipher( ssl_context *ssl );
Return the name of the ciphersuite currently in use.
ssl — SSL context
The returned string should be treated as read-only and must not be freed by the caller; the page shows no transfer of ownership.
int ssl_get_verify_result( ssl_context *ssl );
Return the result of the peer-certificate verification.
ssl — SSL context
This is the only way to learn the outcome when ssl_set_authmode() was called with SSL_VERIFY_OPTIONAL, because in that mode the handshake completes even if verification failed: call it after ssl_handshake() returns and refuse to proceed on a failed result. The encoding of the individual failure flags is not shown on this page (see x509.h).
int ssl_handshake | ( | ssl_context * | ssl | ) |
Perform the SSL handshake.
ssl | SSL context |
int ssl_handshake_client | ( | ssl_context * | ssl | ) |
int ssl_handshake_server | ( | ssl_context * | ssl | ) |
int ssl_init | ( | ssl_context * | ssl | ) |
Initialize an SSL context.
ssl | SSL context |
int ssl_parse_certificate | ( | ssl_context * | ssl | ) |
int ssl_parse_change_cipher_spec | ( | ssl_context * | ssl | ) |
int ssl_parse_finished | ( | ssl_context * | ssl | ) |
int ssl_read( ssl_context *ssl, unsigned char *buf, int len );
Read at most 'len' application data bytes.
ssl — SSL context
buf — buffer that will hold the data
len — maximum number of bytes to read (the capacity of buf). Fewer bytes may be delivered than requested, so callers must use the returned count rather than assuming the buffer was filled.
int ssl_read_record | ( | ssl_context * | ssl | ) |
void ssl_set_authmode( ssl_context *ssl, int authmode );
Set the certificate verification mode.
ssl — SSL context
authmode — can be:
SSL_VERIFY_OPTIONAL: the peer certificate is checked, but the handshake continues even if verification failed; ssl_get_verify_result() can be called after the handshake is complete.
SSL_VERIFY_REQUIRED: the peer *must* present a valid certificate; the handshake is aborted if verification failed.
Anything that relies on authenticating the peer should use SSL_VERIFY_REQUIRED. With SSL_VERIFY_OPTIONAL the library completes the handshake against an unverified peer and the application is responsible for calling ssl_get_verify_result() and aborting on its own — an easy step to forget. Verification in either mode is only as good as the CA chain, CRLs and expected CommonName supplied via ssl_set_ca_chain().
void ssl_set_bio( ssl_context *ssl,
                  int (*f_recv)(void *, unsigned char *, int), void *p_recv,
                  int (*f_send)(void *, unsigned char *, int), void *p_send );
Set the underlying BIO read and write callbacks.
ssl — SSL context
f_recv — read callback, called as f_recv(p_recv, buf, len)
p_recv — opaque parameter passed back to f_recv
f_send — write callback, called as f_send(p_send, buf, len)
p_send — opaque parameter passed back to f_send
The return convention the library expects from these callbacks (byte count, error codes, how a would-block condition is signalled) is not documented on this page; check net.h, included above, before writing a custom transport.
void ssl_set_ca_chain( ssl_context *ssl, x509_cert *ca_chain, x509_crl *ca_crl, char *peer_cn );
Set the data required to verify the peer certificate.
ssl — SSL context
ca_chain — trusted CA chain
ca_crl — trusted CA CRLs (the page does not show what happens when this is NULL; without a CRL a revoked certificate cannot be rejected)
peer_cn — expected peer CommonName, or NULL. Passing NULL disables the name check entirely: any certificate chaining to a trusted CA is then accepted regardless of which host it was issued for, so a client should always pass the name of the server it intends to reach.
void ssl_set_ciphers( ssl_context *ssl, int *ciphers );
Set the list of allowed ciphersuites.
ssl — SSL context
ciphers — 0-terminated list of allowed ciphersuite identifiers (ssl_default_ciphers is one such list). This list is the only control the API offers over which algorithms a peer can negotiate, so restrict it to suites considered strong for the deployment. Whether the order expresses preference is not stated on this page.
void ssl_set_dbg | ( | ssl_context * | ssl, | |
void(*)(void *, int, char *) | f_dbg, | |||
void * | p_dbg | |||
) |
Set the debug callback.
ssl | SSL context | |
f_dbg | debug function | |
p_dbg | debug parameter |
int ssl_set_dh_param( ssl_context *ssl, char *dhm_P, char *dhm_G );
Set the Diffie-Hellman public P and G values, read as hexadecimal strings (server-side only).
ssl — SSL context
dhm_P — Diffie-Hellman-Merkle modulus
dhm_G — Diffie-Hellman-Merkle generator
The strength of the ephemeral DH exchange is bounded by the size and quality of this modulus: use a well-known safe-prime group of adequate length rather than ad-hoc values. Check the return value, since the strings are parsed here; the page shows no validation of P or G, so do not assume the library rejects weak parameters.
void ssl_set_endpoint | ( | ssl_context * | ssl, | |
int | endpoint | |||
) |
Set the current endpoint type.
ssl | SSL context | |
endpoint | must be SSL_IS_CLIENT or SSL_IS_SERVER |
int ssl_set_hostname( ssl_context *ssl, char *hostname );
Set the hostname for the ServerName TLS extension (SNI).
ssl — SSL context
hostname — the server hostname
This only controls what is sent in the ClientHello, in cleartext. Nothing on this page ties it to certificate verification — that is governed by the peer_cn argument of ssl_set_ca_chain() — so both should be set to the same name.
void ssl_set_own_cert( ssl_context *ssl, x509_cert *own_cert, rsa_context *rsa_key );
Set own certificate and private key.
ssl — SSL context
own_cert — own public certificate
rsa_key — own private RSA key. The context keeps a pointer to this object rather than a copy (no copy is visible on this page), so it must stay valid for the life of the context and be protected and wiped by the caller; the page shows no transfer of ownership to ssl_free().
void ssl_set_rng( ssl_context *ssl, int (*f_rng)(void *), void *p_rng );
Set the random number generator callback.
ssl — SSL context
f_rng — RNG function, returning one random int per call
p_rng — opaque parameter passed back to f_rng
The call sites are not shown here, but an RNG attached to an SSL context presumably supplies the handshake randoms and key material, so f_rng must be a cryptographically secure generator seeded from a real entropy source; rand()/srand() or a predictable seed would compromise every session made with this context.
void ssl_set_scb | ( | ssl_context * | ssl, | |
int(*)(ssl_context *) | s_get, | |||
int(*)(ssl_context *) | s_set | |||
) |
Set the session callbacks (server-side only).
ssl | SSL context | |
s_get | session get callback | |
s_set | session set callback |
void ssl_set_session( ssl_context *ssl, int resume, int timeout, ssl_session *session );
Set the session resuming flag, timeout and data.
ssl — SSL context
resume — if 0 (default), the session will not be resumed
timeout — session timeout in seconds, or 0 (no timeout). A value of 0 allows a cached session to be resumed indefinitely; because a resumed TLS session reuses the earlier master secret, choose a bounded timeout in production.
session — session context
int ssl_write | ( | ssl_context * | ssl, | |
unsigned char * | buf, | |||
int | len | |||
) |
Write exactly 'len' application data bytes.
ssl | SSL context | |
buf | buffer holding the data | |
len | how many bytes must be written |
int ssl_write_certificate | ( | ssl_context * | ssl | ) |
int ssl_write_change_cipher_spec | ( | ssl_context * | ssl | ) |
int ssl_write_finished | ( | ssl_context * | ssl | ) |
int ssl_write_record | ( | ssl_context * | ssl | ) |
int ssl_default_ciphers[];
Built-in 0-terminated ciphersuite list in the format accepted by ssl_set_ciphers(); presumably the list in effect when ssl_set_ciphers() is never called. Its contents are not shown on this page — review them before deploying, as a default list may include suites you would not choose yourself. In a header this should carry `extern`; the rendered line may simply have dropped it.